$10 halts global hackers
Cheap Web trick
A British computer geek spent just $10.69 to stop the global cyberattack that struck nearly 100 countries on Friday.
Buried in code for the nasty WannaCry Internet worm was a kill switch, likely inserted by its creators in case something went wrong.
The switch was a domain name, also known as a Web site’s address.
An anonymous 22-yearold researcher, known as MalwareTech, noticed the site address had never been set up.
“I saw it wasn’t registered and thought, ‘I’ll have that,’ ” MalwareTech told The Daily Beast after detailing the discovery in a blog post early Saturday.
So the cybersleuth paid $10.69 to buy the domain from NameCheap.com and set it up on a Los Angeles server.
MalwareTech lives in southwest England and works for Kryptos Logic, an LA-based threat-intelli- gence company. MalwareTech’s job involves following attacks like the WannaCry virus.
MalwareTech admitted not realizing at first that the domain name in the malware was a kill switch, and recalled thinking that putting it on a server might help track the virus’ spread.
But to MalwareTech’s surprise, once the malware connected to the LA server, it began shutting itself down.
“I will confess that I was unaware registering the domain would stop the malware,” MalwareTech tweeted. “So initially it was accidental.”
Investigators are hunting for those behind the attack, which corrupted as many as 130,000 IT systems around the world.
MalwareTech warned that the perpetrators are probably working to get around the LA server.
“All they need to do is change some code and start again,” MalwareTech tweeted. “Patch your systems now!”